Date: 2023-03-15

According to cybersecurity company Rubrik, a zero-day vulnerability in the secure file transfer platform Fortra GoAnywhere was used to steal data. In a statement from Rubrik CISO Michael Mestrovich, the company said that it had been the target of a widespread attack employing a zero-day vulnerability targeting GoAnywhere MFT devices all around the world.

The recent attack on the Fortra GoAnywhere secure file transfer platform has caused widespread concern in the cybersecurity community. According to reports, the Clop ransomware gang has claimed responsibility for the attack, which they say involved breaching 130 organizations over the course of ten days.

Fortra, the makers of the platform, disclosed the vulnerability in February, noting that it was being actively exploited and releasing a patch. However, this was not enough to prevent the attack from taking place.

One of the victims of the attack was Rubrik, a cloud data management service that provides disaster recovery and enterprise data backup and recovery services. In a statement from Rubrik CISO Michael Mestrovich, the company acknowledged that it had been the target of an extensive attack utilizing a zero-day vulnerability targeting GoAnywhere MFT devices all over the world.

The breach was contained in a non-production IT testing environment, and no customer data was impacted, according to Rubrik. However, the Clop ransomware gang added Rubrik to their data leak site, sharing samples of stolen files and stating that the data would soon be publicly released.

This has caused significant concern among Rubrik’s customers, as the leaked files appear to contain sensitive information, such as the names, email addresses, and locations of employees. Rubrik has assured its customers that the breach did not include any data it secures on their behalf via any Rubrik products.

The threat actors behind the attack did not spread laterally to the internal systems, and the test environment was taken offline to prevent further intrusions. However, the fact that such a significant attack was able to take place highlights the need for companies to be proactive in identifying and addressing vulnerabilities in their systems.

As the investigation into the attack continues, more details will likely emerge about how the Clop ransomware gang was able to breach so many organizations in such a short period.

Rubrik Response And Measures Taken

Following the attack, Rubrik issued a statement through its Chief Information Security Officer (CISO), Michael Mestrovich, disclosing that it had been the victim of a zero-day attack on Fortra GoAnywhere MFT devices and that unauthorized access to a limited amount of information had been detected in one of its non-production IT testing environments. Rubrik stated that no customer data was impacted, and the breach was contained in a non-production IT testing environment.

To address the situation, Rubrik has taken several measures. Firstly, it engaged third-party forensics experts to assist in its current investigation of the incident. Rubrik has been conducting a thorough investigation to determine the size and scope of the attack and the extent of the damage. Secondly, Rubrik has taken its non-production IT testing environment offline to prevent further intrusions by attackers.

Additionally, Rubrik has provided assurance to its customers that the unauthorized access did not include any data that Rubrik secures on behalf of its customers via any Rubrik products. The company has also pledged to work with law enforcement agencies to bring the perpetrators to justice.

Rubrik has also implemented a comprehensive plan to prevent future cyberattacks. The plan includes enhancing their IT security infrastructure and strengthening their internal controls. The company has also conducted additional security awareness training for its employees to educate them on the importance of cybersecurity and the role they play in safeguarding the company’s data.

Finally, Rubrik has implemented a range of remedial measures to address the damage caused by the attack. These include cleaning up the affected systems and ensuring that all IT systems are updated and patched against the latest security vulnerabilities.

Conclusion

The Fortra GoAnywhere attacks have affected many organizations globally, with the Clop ransomware gang taking responsibility for the attacks. Rubrik was one of the affected organizations, but it quickly detected the intrusion and prevented any further damage. The incident emphasizes the importance of keeping software up to date and patching vulnerabilities as soon as they are discovered. It also highlights the need for companies to have strong cybersecurity safeguards in place to prevent, identify, and react to security problems.

